Author: Security Experts / Source: Information Security Buzz
Facebook and Google were the victims of a $100M phishing scam. According to the Justice Department, the crook forged email addresses, invoices, and corporate stamps in order to impersonate a large Asia-based manufacturer with which the two tech firms regularly did business. The aim was to trick the companies into paying fraudulent invoices for computer supplies. IT security experts from AlienVault, ESET, Tripwire, Comparitech.com and FireMon commented below.
Javvad Malik, Security Advocate at AlienVault:
“CEO/CFO fraud is where a CFO is sent a phishing email purporting to be from the CEO, demanding that they immediately transfer some money to a third party.
The concept of this heist is identical, albeit at a much higher level, with a lot more foundational work being put in place beforehand.
Therefore, it is not unexpected that many of the mitigation strategies would be similar in nature. These would include better third-party identification and verification processes, more stringent payment authorisations, and not solely relying on email as an authority to process.”
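The three controls Malik lists (verify the third party, tighten payment authorisation, never treat an email as the authority to pay) can be enforced in the accounts-payable workflow itself. The following is an added example, not code from the article or from any of the vendors quoted. The vendor-master record, the sample messages, the approval limit and all function names are constructed assumptions. It checks an inbound invoice email against the vendor record captured at onboarding: the sender domain must match exactly (lookalike domains are flagged separately from unrelated ones), the receiving mail server must have recorded a DMARC pass, and any change of bank account or any amount over the single-approver limit puts the payment on hold until it is confirmed out of band and countersigned.

```python
import email
from email import policy
from email.utils import parseaddr
from typing import NamedTuple

# Constructed vendor-master record for a hypothetical supplier (not the manufacturer
# from the case). Bank details come from onboarding, never from an inbound email.
VENDOR_MASTER = {
    "ACME-0042": {
        "name": "Acme Components Ltd",
        "email_domain": "acme-components.example",
        "bank_account": "GB29NWBK60161331926819",
        "single_approver_limit": 50_000.00,
    },
}


class Decision(NamedTuple):
    action: str      # "pay", "hold" (AP exception) or "escalate" (security incident)
    reasons: tuple   # failed checks; empty when action == "pay"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike sender domains ('rn' for 'm', '1' for 'l')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(msg) -> str:
    """Domain of the RFC 5322 From address (the one the human sees, and the one DMARC aligns on)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def auth_results_pass(msg) -> bool:
    """True only if our own MTA stamped a DMARC pass into Authentication-Results."""
    return "dmarc=pass" in str(msg.get("Authentication-Results", "")).lower()


def evaluate_invoice(raw_email: str, vendor_id: str, invoice_bank_account: str,
                     amount: float, oob_verified: bool = False,
                     second_approver: bool = False) -> Decision:
    """Decide whether an emailed invoice may be paid.

    oob_verified   : AP confirmed the bank details by phoning the number held in the
                     vendor master (not a number printed on the invoice or in the email).
    second_approver: a second authorised signatory has approved the amount.
    """
    vendor = VENDOR_MASTER.get(vendor_id)
    if vendor is None:
        return Decision("escalate", ("unknown vendor id",))
    msg = email.message_from_string(raw_email, policy=policy.default)

    # 1. Third-party identification: is this really the vendor on file?
    identity_failures = []
    domain = sender_domain(msg)
    if domain != vendor["email_domain"]:
        kind = "lookalike" if edit_distance(domain, vendor["email_domain"]) <= 2 else "unrelated"
        identity_failures.append(
            f"sender domain {domain!r} is {kind}; expected {vendor['email_domain']!r}")
    if not auth_results_pass(msg):
        identity_failures.append("no DMARC pass in Authentication-Results")
    if identity_failures:
        # A forged or impersonated sender is a security incident, not an AP exception.
        return Decision("escalate", tuple(identity_failures))

    # 2. Payment authorisation: the email itself is never the authority to pay.
    payment_failures = []
    if invoice_bank_account != vendor["bank_account"] and not oob_verified:
        payment_failures.append("bank account differs from vendor master; confirm by phone on file")
    if amount > vendor["single_approver_limit"] and not second_approver:
        payment_failures.append("amount exceeds single-approver limit; second approver required")
    if payment_failures:
        return Decision("hold", tuple(payment_failures))
    return Decision("pay", ())


# Constructed sample messages, with Authentication-Results as a receiving MTA might stamp them.
LEGIT_EMAIL = """From: Acme Accounts <accounts@acme-components.example>
To: ap@buyer.example
Subject: Invoice 7781
Authentication-Results: mx.buyer.example; dmarc=pass header.from=acme-components.example

Please find invoice 7781 attached.
"""

# Attacker-registered lookalike domain: DMARC passes because the attacker controls it.
LOOKALIKE_EMAIL = """From: Acme Accounts <accounts@acme-cornponents.example>
To: ap@buyer.example
Subject: Invoice 7781 - updated bank details
Authentication-Results: mx.buyer.example; dmarc=pass header.from=acme-cornponents.example

We have changed banks; please pay to the account on the attached invoice.
"""

# Exact-domain spoof: the From address is right, but the vendor's DMARC policy fails it.
SPOOFED_EMAIL = """From: Acme Accounts <accounts@acme-components.example>
To: ap@buyer.example
Subject: Invoice 7781 - urgent
Authentication-Results: mx.buyer.example; dmarc=fail header.from=acme-components.example

Please settle today to the new account below.
"""

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_EMAIL), ("lookalike", LOOKALIKE_EMAIL), ("spoofed", SPOOFED_EMAIL)):
        print(label, evaluate_invoice(raw, "ACME-0042", "DE89370400440532013000", 12_000.00))
```

The two impersonation cases fail for different reasons: the lookalike domain passes DMARC, because the attacker owns it, and is caught only by the exact match against the vendor master; the exact-domain spoof matches the vendor master and is caught only by DMARC. Neither check is sufficient alone, and neither lets a changed bank account through without a phone call to the number captured at onboarding.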
Mark James, IT Security Specialist at ESET:
“It’s a fact in today’s digital world that there is always someone trying to scam you. We fight it, we delete it, we even highlight it and use it to teach others what to look out for, but there is one thing humans are good at, and that’s adapting. Most spam or phishing attacks end up a failure, but that’s the nature of these types of attacks: they don’t all have to succeed. For us to be safe we have to detect or block 100% of those attempts, but they only need to get one right. If someone puts their mind to doing something, there is a good chance they will succeed, whether that’s education, business or foul deeds. The good thing about the latter is that most of the time people get caught. This particular plan involved forging email addresses, invoices, and corporate stamps in order to trick some big companies…